According to the docs, Grails provides a number of constraints that "have no impact on persistence but customize the scaffolding". One of them is the passwordconstraint. Here's how I use it:

class User {

    String username
    String password

    static constraints = {
        username blank: false
        password blank: false, password: true
    }
}

In combination with scaffolding, this has the effect that the edit view uses a specialized password input for my password field (that's fine), but the index and show view still show the password in plain text (not fine at all). Is there a way to have the password field only in the create and edit views, or at least masked with an asterisk or other character on the other views? Otherwise I wonder what the real benefit of this constraint might be. I tried specifying display: false, editable: true as additional constraints, but to no avail.

One way to solve this is by using customized field rendering via the fields plugin:

• Create a folder grails-app\views\_fields\user\password
• Put two files in this folder: _displayWidget.gsp and _displayWrapper.gsp
• Enter <g:each in="${0..value.length()}">&bull;</g:each> into both files

The password field will not vanish from index and show views, but at least you won't see it's value any longer, but a mask of bullet points instead. Create and edit view still use the password input widget according to the property constraint.